Two Controls, One Result

Abstract:In the three years since the enactment of the Sarbanes-Oxley Act (SOX), implementing organizations have begun to realize that operating with separate SOX controls is expensive, and they are now looking for a way to integrate SOX controls into their existing management systems. These organizations have found the controls required for ISO 9001 compliance are helpful in demonstrating due diligence in all aspects of their business, including the financial controls required by SOX. In other words, SOX tells management what to do, and ISO 9001 tells them how to do it efficiently. The greatest hurdles in creating an integrated ISO 9001/SOX management system are understanding transactional processes within the organization and training, but managers who decide to adopt this approach reap the twin advantages of efficiency of effort and clarity of …